Add Data Retention section to chat.html

Signed-off-by: David Goulet <dgoulet@ev0ke.net>

Add Data Retention section to chat.html
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
cd267272 · David Goulet · 3937cdc6 · cd267272
Commit cd267272 authored May 15, 2015 by David Goulet
--- a/chat.html
+++ b/chat.html
@@ -58,7 +58,7 @@

 				<p>OTR.im offers a free and secure <a href="https://en.wikipedia.org/wiki/XMPP" target="_blank">Jabber</a> service that anyone can use by registering an account through your favorite chat client.</p>
 				<h4><p class="indent">&#x279b; jabber.otr.im</p></h4>
-				<p>Also possible to connect through our <a href="https://www.torproject.org/docs/hidden-services.html.en" target="_blank">Tor hidden service</a>:</p>
+				<p>It is also possible to connect through our <a href="https://www.torproject.org/docs/hidden-services.html.en" target="_blank">Tor hidden service</a>:</p>
 				<h4><p class="indent">&#x279b; 5rgdtlawqkcplz75.onion</p></h4>

 				<p>In order to configure a <a href="https://help.riseup.net/en/chat/clients" target="_blank">Jabber client</a>, you need this information:</p>
@@ -78,12 +78,62 @@
 			target="_blank">results</a> from the IM Observatory.</p>

 				<p>Finally, this server has a special quirk. It forces
-				communication to be OTR encrypted thus cleartext message between
+				communication to be OTR encrypted, thus cleartext messages between
 				clients is impossible. With the help of
 				<a href="https://riseup.net" target="_blank">Riseup</a>, we have developed a
 				prosody <a href="https://github.com/dgoulet/prosody-otr" target="_blank">plugin</a> to
 				achieve mandatory OTR communication.

+				<h2 class="subtitle">Data Retention</h2>
+				<p>
+				This section details what data OTR.im can see and can not see
+				on this Jabber server.
+				<p>
+
+				First of all, this server is setup with
+				<a href="https://en.wikipedia.org/wiki/Disk_encryption">full disk encryption</a>
+				(FDE) so all that we store is only on an encrypted
+				disk. We use a
+				<a href="https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup">LUKS</a>
+				device for this. Secondly, logging is completely disabled on
+				the Jabber server, even error logs.
+				<p>
+
+				In case of a seizure, if the server is powered off, the FDE
+				will protect all data. If the server is kept online, see the
+				<i>What we can see?</i> section below.
+
+				<h3>What we CAN see?</h3>
+				<ul>
+					<li>Your username and <code>SHA1</code> hash of the
+						password are stored on the server.</li>
+					<li><a href="https://en.wikipedia.org/wiki/VCard">vCard</a>
+						if you supply one.</li>
+					<li>Your IP address. To avoid this, use our Tor hidden
+						service.</li>
+					<li>Offline messages.</li>
+						<ul>
+							<li>OTR body. (<strong>never</strong> plaintext)</li>
+							<li>Destination contact address.</li>
+							<li>Timestamp of the message.</li>
+						</ul>
+					<li>Your roster. For each contact:</li>
+						<ul>
+							<li>Jabber address (ex: <code>keith@jabber.boozallen.com</code>)</li>
+							<li>Name of the contact (if set)</li>
+							<li>Group (if any)</li>
+						</ul>
+				</ul>
+
+				<h3>What we DO NOT see?</h3>
+				<ul>
+					<li>Message content. Mandatory OTR makes it that we can't
+						read content.</li>
+					<li>No logs thus nothing our prosody server could usually
+						tell us.</li>
+					<li>We don't keep any timing metadata such as when you
+						connect or disconnect.</li>
+				</ul>
 			</div>
 		</div>
 	</div>